MobiVisor Blog Series: Mobile Device Security with MDM
The security of mobile devices, whether Android or iOS, is particularly important in a corporate context. According to the GDPR, sensitive and personal data must be comprehensively protected. However, this is not fully possible with the security settings that come with the mobile devices. Read our article to learn how to increase mobile device security using an MDM.
The difference between personal and professional use of mobile devices
When using mobile devices privately, it is generally assumed that the data on them only affects the owner of the device. Nevertheless, it is of course important that this data is protected. Private individuals can apply the recommended security settings on their devices themselves, for example by blocking certain spam numbers, setting a PIN, password or Face ID, installing updates regularly, or enabling two-factor authentication for all apps that hold important or sensitive data.
However, if mobile devices are primarily used for work, the whole thing becomes a little more complex. After all, it’s not just the user’s data that needs to be protected, but also all the data of clients, patients, customers, colleagues and much more. The entire company network must be protected against data theft. The requirements for data protection within a company are set by the GDPR and by digital compliance guidelines such as the NIS2 policy, which will soon come into force. Mobile devices must therefore also be comprehensively secured as part of the company network.
The security of mobile devices can be increased with just a few measures
When using mobile devices in companies, three aspects are particularly important for security:
- The ability to prevent security-endangering actions by the user (prevention)
- The ability to monitor the devices so that suspicious activity can be acted upon (action)
- The ability to prevent the company from being compromised in an emergency, such as a lost or stolen device (reaction)
In order to implement these requirements, a Mobile Device Management (MDM) system should be used. This offers various settings for both Android and all Apple devices to permanently guarantee and increase the security of mobile devices. In order to be able to fully configure these settings on the devices, they must belong to the company. For Apple devices, this means that they must be associated with an Apple Business Account. Android devices can be set up as business-only devices before being issued to end users.
How are the security-relevant functions of the MDM used?
The basic functionality of an MDM is based on the interfaces that the device manufacturers provide to the MDM manufacturers. For Android devices, the scope of the interfaces provided can vary from provider to provider. Companies like Samsung allow a lot of functions, including special ones, while others offer fewer interfaces.
Apple devices have different interfaces, so although the same result can often be achieved with Apple functions, they work completely differently in the background. These interfaces can also change with every update of the operating system, which means that the development of an MDM is never finished: new functions are added, while others are discontinued.
The MDM guidelines are then applied to the device via these interfaces. The guidelines include various functions of the MDM, e.g. blacklists of certain apps, configurations for WiFi connections or email servers, password guidelines and much more. Of course, the guidelines primarily serve data protection, but they also simplify the use of mobile devices, for example by applying a kiosk mode.
The security of mobile devices also depends on the setup
In general, when it comes to the security of their mobile devices, companies should be aware that they must choose a usage model that meets their needs. Generally speaking, there are three options for Apple and Android devices:
- The device belongs entirely to the company (COBO)
- The device belongs to the company, but may be used privately (CO-WP)
- The device belongs to the user, but is used for work (BYOD)
If the mobile device belongs to the company, IT has the most extensive options for implementing security measures – including with the help of an MDM. The IT admin can configure all of the device’s settings. Please note that data on the device cannot be accessed using the MDM: messages, photos or logs are not recorded in the MDM. This data is processed either on the device itself or in the corresponding apps.
In contrast, if the device can also be used privately, you can benefit from data separation on the mobile devices. Apple uses the managed/unmanaged model, while Android stores a private and a work profile on the device during setup. The transfer of data between the two profiles of the device is completely prevented. In any case, only the professional part of the device can be configured with the MDM.
The BYOD (Bring-Your-Own-Device) model goes one step further: the user remains the administrator of the device and can remove the MDM from the device at any time. When the MDM client app is installed, a separate work profile is created on the device. Only the apps in this profile can be controlled by the MDM.
Special security functions of the MDM
Any good MDM offers the ability to create a general security policy for all mobile devices of the same type in the company. This is applied globally to these devices and therefore provides a good basis for comprehensively securing the devices. For some companies that do not have to meet particularly strict data protection requirements, this protection is often sufficient. If more protection is required or desired, additional guidelines can be applied that cover specific company requirements.
Particularly important functions include:
- Specifying a password policy that determines the strength and length of the password. The user must first assign this password before the device can be used.
- Remote locking and resetting of the device in the event of loss or theft. This prevents strangers from accessing important data.
- Blocking SMS, specific phone numbers, unwanted apps or websites, etc. This reduces the risk of phishing or scams.
- Preventing the addition of private accounts on the device. This particularly affects private email accounts, and prevents important internal information from being accidentally sent by the user to private contacts.
In addition, there are many other functions that help you ensure the security of mobile devices in your company.
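To make the prevention / action / reaction split and the usage models above concrete, here is an added example (not MobiVisor code, and not tied to any vendor's MDM API) that models a small MDM security policy in Python. The policy fields, device records, app names and the corporate domain `example-corp.test` are all constructed sample values; the point is to show how a policy is evaluated against what a device reports, and how the ownership model (COBO, CO-WP, BYOD) limits both the scope of enforcement and the reaction available when a device is lost.

```python
"""Toy model of an MDM security policy: prevention, monitoring and reaction.

Added example, not MobiVisor code. The policy, device records and app names
are constructed sample data; the checks illustrate the kinds of rules an MDM
applies, not any vendor's API.
"""
from dataclasses import dataclass, field
from enum import Enum


class Ownership(Enum):
    COBO = "corporate-owned, business-only"
    COWP = "corporate-owned, private use permitted"
    BYOD = "user-owned, work profile only"


@dataclass
class Policy:
    min_password_length: int = 8
    require_letters_and_digits: bool = True
    corporate_domain: str = "example-corp.test"   # constructed value
    blocked_apps: set = field(default_factory=set)
    allow_private_accounts: bool = False


@dataclass
class Device:
    device_id: str
    ownership: Ownership
    password_length: int        # reported by the device; the secret itself never leaves it
    password_mixed: bool        # letters and digits both present
    installed_apps: set         # apps visible in the managed scope
    accounts: list              # e-mail accounts configured in the managed scope
    reported_lost: bool = False


def managed_scope(device: Device) -> str:
    """Where the MDM may enforce: the whole device for COBO, only the work profile otherwise."""
    return "device" if device.ownership is Ownership.COBO else "work profile"


def violations(device: Device, policy: Policy) -> list:
    """Prevention and monitoring: list every policy violation found in the managed scope."""
    found = []
    if device.password_length < policy.min_password_length:
        found.append(f"password shorter than {policy.min_password_length}")
    if policy.require_letters_and_digits and not device.password_mixed:
        found.append("password lacks letters and digits")
    for app in sorted(device.installed_apps & policy.blocked_apps):
        found.append(f"blocked app installed: {app}")
    if not policy.allow_private_accounts:
        for acct in device.accounts:
            if not acct.lower().endswith("@" + policy.corporate_domain):
                found.append(f"private account in {managed_scope(device)}: {acct}")
    return found


def reaction(device: Device, policy: Policy) -> list:
    """Reaction: the remote actions an admin would trigger for this device right now."""
    actions = []
    if device.reported_lost:
        actions.append("lock")
        # A full wipe is only possible where the company owns the whole device.
        actions.append("wipe device" if device.ownership is Ownership.COBO
                       else "wipe work profile")
    elif violations(device, policy):
        actions.append("mark non-compliant and notify admin")
    if device.ownership is Ownership.BYOD:
        actions.append("note: user may unenroll at any time")
    return actions


def compliance_report(fleet: list, policy: Policy) -> dict:
    """Map device id to (violations, actions) for a whole fleet."""
    return {d.device_id: (violations(d, policy), reaction(d, policy)) for d in fleet}


# Constructed sample policy and fleet.
POLICY = Policy(blocked_apps={"filesharing-x"})
FLEET = [
    Device("cobo-01", Ownership.COBO, 10, True, {"mail", "browser"},
           ["alice@example-corp.test"]),
    Device("cowp-02", Ownership.COWP, 4, False, {"mail", "filesharing-x"},
           ["bob@example-corp.test", "bob@mail.example"]),
    Device("byod-03", Ownership.BYOD, 12, True, {"mail"},
           ["carol@example-corp.test"], reported_lost=True),
]

if __name__ == "__main__":
    for device_id, (found, actions) in compliance_report(FLEET, POLICY).items():
        print(device_id, "violations:", found or "none", "| actions:", actions or "none")
```

Running the block prints one line per device: the COBO device is compliant, the CO-WP device collects four violations (short password, no letter/digit mix, a blocked app and a private account in the work profile) and is flagged for the admin, and the lost BYOD device gets a lock plus a work-profile wipe rather than a full device wipe, with the reminder that its user can unenroll at any time.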
Security and MDM go hand in hand
With the help of an MDM, companies can upgrade their mobile devices with little effort and little cost so that they do not serve as a gateway for cyberattacks. The special security functions of an MDM protect the company’s and user’s data from theft or misuse and thus support compliance with the GDPR in companies. In addition, an MDM can be used to meet other digital compliance requirements.